Azure File Share with Microsoft Entra Domain Services

M Refly Asmar 20 Reputation points
2024-10-29T10:09:47.84+00:00

I want to create file sharing using Azure file shares. Previously, I set up the identity source using Microsoft Entra Domain Services.


I want to be able to access the file shares using Entra ID, but after we set it up and map the drive, we can't log in using the Entra account that we have given the Storage File Data SMB Share Contributor role. When I try to map the drive from my computer, logging in with the Entra account, the following error is given:

What do I need to configure on Microsoft Entra Domain Services to connect to my Entra ID?

FYI: The Entra ID I use is synchronized with AD Sync Connect with AD On-Premise.


Accepted answer
  1. Hari Babu Vattepally 715 Reputation points Microsoft Vendor
    2024-11-04T07:59:40.47+00:00

    Hi @M Refly Asmar

    Welcome to Microsoft Q&A Forum. Thanks for posting your query here!

    I understand that you are trying to set share-level permission for Azure Files to your Entra ID.

    Since you mentioned that your Entra ID is synchronized with AD Sync Connect with AD On-Premises, ensure that the users and groups you are assigning permissions to are properly synchronized. Azure Files only honors Azure RBAC role assignments granted to principals that are synchronized. Role assignments for identities not synchronized will be ignored.

    1. Check that the storage account has been domain-joined correctly. You can follow the steps in the Microsoft documentation to domain-join your storage account: domain-join-your-storage-account.
    2. If you're unable to sync your on-premises AD DS to Microsoft Entra ID, you can use a default share-level permission. Assigning a default share-level permission allows you to work around the sync requirement because you don't need to specify the permission to identities in Microsoft Entra ID. Then you can use Windows ACLs for granular permission enforcement on your files and directories.
    3. You can add a default share-level permission on your storage account, instead of configuring share-level permissions for Microsoft Entra users or groups.

    Troubleshoot Azure Files identity-based authentication and authorization issues (SMB)

    Additional information: Based on the error message, there are a few threads which provide more insights on your query.

    Azure Files, network password is not correct when using storage account key

    Network password incorrect using Azure AD DS Identity

    Replacing on-premises file servers with Azure Files (including setup on private link for files and AD authentication)

    Mounting azure files | "The specified network password is not correct.

    If the issue still persists, I would like to work closer on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
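
The checks described in the accepted answer can be run from PowerShell. This is an added example, not part of the original answer or of Microsoft's documentation; the resource group, storage account and share names are placeholders, and it assumes the Az.Storage and Az.Resources modules with a signed-in session.

```powershell
# Added example. Placeholder names: replace with your own values.
$ResourceGroup  = '<resource-group>'
$StorageAccount = '<storage-account>'
$ShareName      = '<share-name>'
$ApplyDefaultPermission = $false   # set to $true only after reading step 4

# Requires Az.Storage and Az.Resources, and a signed-in session (Connect-AzAccount).
$sa   = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$auth = $sa.AzureFilesIdentityBasedAuth

# 1. Identity source configured on the storage account.
#    AADDS = Microsoft Entra Domain Services, AD = on-premises AD DS,
#    AADKERB = Microsoft Entra Kerberos, None/empty = identity-based auth not enabled.
$source = if ($auth -and $auth.DirectoryServiceOptions) { [string]$auth.DirectoryServiceOptions } else { 'None' }
Write-Host "Identity source:          $source"
if ($source -ne 'AADDS') {
    Write-Warning 'Storage account is not enabled for Microsoft Entra Domain Services authentication.'
}

# 2. Default share-level permission (used when no per-identity role assignment applies).
$default = if ($auth -and $auth.DefaultSharePermission) { [string]$auth.DefaultSharePermission } else { 'None' }
Write-Host "Default share permission: $default"

# 3. Share-level RBAC assignments visible at the share scope (inherited ones included).
#    Only principals that are synchronized are honored, so compare this list
#    against the accounts that actually sign in.
$scope = "$($sa.Id)/fileServices/default/fileshares/$ShareName"
$assignments = Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.RoleDefinitionName -like 'Storage File Data SMB Share*' }
if (-not $assignments -and $default -eq 'None') {
    Write-Warning 'No share-level SMB role assignment and no default permission: access will be denied.'
}
$assignments | Format-Table DisplayName, SignInName, ObjectType, RoleDefinitionName -AutoSize

# 4. Optional fallback from the answer: a default share-level permission.
#    It applies to every authenticated identity, so pick the least-privileged
#    role that works and restrict access further with Windows ACLs.
if ($ApplyDefaultPermission) {
    Set-AzStorageAccount -ResourceGroupName $ResourceGroup -AccountName $StorageAccount `
        -DefaultSharePermission StorageFileDataSmbShareContributor | Out-Null
}
```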

